upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-02-03 20:40:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/pkg/apis
History
Jordan Liggitt af36d192c3 RBAC helper: fix data race 
The verbs parameter slice might be shared between different rule instances and
gets sorted (= written), so we have to make a copy or (even better) also
de-duplicate as in pkg/apis/rbac/helpers.go.

More specifically, plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
shares the Read and ReadWrite slices, causing:

    WARNING: DATA RACE
    Read at 0x000008e5e5b0 by goroutine 124:
      slices.insertionSortOrdered[go.shape.string]()
          /home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/slices/zsortordered.go:14 +0x126
      slices.pdqsortOrdered[go.shape.string]()
          /home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/slices/zsortordered.go:75 +0x6c4
      slices.Sort[go.shape.[]string,go.shape.string]()
          /home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/slices/sort.go:18 +0x64
      sort.Strings()
          /home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/sort/sort.go:181 +0xe
      k8s.io/kubernetes/pkg/apis/rbac/v1.(*PolicyRuleBuilder).Rule()
          /home/prow/go/src/k8s.io/kubernetes/pkg/apis/rbac/v1/helpers.go:98 +0x2c9
      k8s.io/kubernetes/pkg/apis/rbac/v1.(*PolicyRuleBuilder).RuleOrDie()
          /home/prow/go/src/k8s.io/kubernetes/pkg/apis/rbac/v1/helpers.go:65 +0x2f44
      k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy.ClusterRoles()
          /home/prow/go/src/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go:404 +0x2c13
    ...
    Previous write at 0x000008e5e5b0 by goroutine 123:
      slices.insertionSortOrdered[go.shape.string]()
          /home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/slices/zsortordered.go:15 +0x2f9
      slices.pdqsortOrdered[go.shape.string]()
          /home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/slices/zsortordered.go:75 +0x6c4
      slices.Sort[go.shape.[]string,go.shape.string]()
          /home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/slices/sort.go:18 +0x64
      sort.Strings()
          /home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/sort/sort.go:181 +0xe
      k8s.io/kubernetes/pkg/apis/rbac/v1.(*PolicyRuleBuilder).Rule()
          /home/prow/go/src/k8s.io/kubernetes/pkg/apis/rbac/v1/helpers.go:98 +0x2c9
      k8s.io/kubernetes/pkg/apis/rbac/v1.(*PolicyRuleBuilder).RuleOrDie()
          /home/prow/go/src/k8s.io/kubernetes/pkg/apis/rbac/v1/helpers.go:65 +0x2f44
      k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy.ClusterRoles()
          /home/prow/go/src/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go:404 +0x2c13

Seen in test/integration/apiserver/oidc.
2026-02-03 15:46:33 +01:00
..
abac generate 2025-09-10 15:52:58 -04:00
admission Use randfill, do API renames 2025-03-08 15:18:00 -08:00
admissionregistration feat(admissionregistration): enable declarative validation wiring and require ValidationActions 2026-01-24 03:46:24 -08:00
apidiscovery remove import doc comments 2024-12-02 16:59:34 +01:00
apiserverinternal chore: depr. pointer pkg replacement for pkg/apis 2025-07-07 12:54:05 +02:00
apps run update-codegen.sh 2025-11-06 00:54:52 +00:00
authentication remove import doc comments 2024-12-02 16:59:34 +01:00
authorization KEP-4601: Graduate selector authorization to stable 2025-07-14 16:19:52 -04:00
autoscaling Move path-segment validation to pkg content 2026-01-13 13:27:41 -08:00
batch Adding declarative validations to CronJob 2026-01-15 14:05:15 -07:00
certificates run codegen 2026-01-06 20:18:06 +00:00
coordination generated 2025-03-12 19:25:30 +00:00
core feat(storage): enable validation-gen + DV wiring for storage.k8s.io (#135438) 2026-01-24 14:29:26 +05:30
discovery Add declarative validation tests for EndpointSlice addressType supported values 2026-01-09 11:54:52 -05:00
events remove import doc comments 2024-12-02 16:59:34 +01:00
extensions KEP-3721: Support for env files (#132626) 2025-07-22 13:40:42 -07:00
flowcontrol address review comments 2025-07-14 18:13:00 +00:00
imagepolicy remove import doc comments 2024-12-02 16:59:34 +01:00
networking Move path-segment validation to pkg content 2026-01-13 13:27:41 -08:00
node run codegen 2026-01-06 20:18:06 +00:00
policy Use randfill, do API renames 2025-03-08 15:18:00 -08:00
rbac RBAC helper: fix data race 2026-02-03 15:46:33 +01:00
resource Migrate ResourceSlice map key validation to declarative validation 2026-01-07 17:53:45 +00:00
scheduling Add udpate and immutable tags on Workload API 2026-01-15 14:26:40 -08:00
storage Mark CSIServiceAccountTokenSecrets feature gate as GA 2026-01-28 14:41:34 -06:00
storagemigration Update SVM to Beta 2025-10-29 19:36:11 +00:00
OWNERS Check in OWNERS modified by update-yamlfmt.sh 2021-12-09 21:31:26 -05:00